How severe is CVE-2021-26964?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2021-26964?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2021-26964 - HIGH Severity | CVSS 7.1

Vulnerability Description

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.

Related Vulnerabilities

CVE-2016-6591

HIGH

CVSS:7.1(High)

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

CWE-8632016

CVE-2017-15091

HIGH

CVSS:7.1(High)

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the s...

CWE-8632017

CVE-2018-10925

HIGH

CVSS:7.1(High)

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE"...

CWE-8632018

CVE-2021-1086

HIGH

CVSS:7.1(High)

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or i...

CWE-8632021

CVE-2021-20119

HIGH

CVSS:7.1(High)

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.

CWE-8632021

CVE-2021-3456

HIGH

CVSS:7.1(High)

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allo...

CWE-8632021